<?php
// Entry-point guard: the rest of this file runs only when the including
// script has already defined IN_ECS; a direct request to the file stops here.
if (defined('IN_ECS') === false) {
	exit('Hacking attempt');
}

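/**
 * Database-backed session handler.
 *
 * The session cookie carries a 32-character session id followed by an
 * 8-character CRC32 check value (see gen_session_key()). The matching row of
 * the session table holds the serialized payload that is copied into
 * $GLOBALS['_SESSION'].
 *
 * Security notes for maintainers:
 *  - The cookie and the client address are request data. Both are checked
 *    against a strict format before they are placed into SQL text, because
 *    the only database calls visible here (query()/getRow()) take a plain
 *    SQL string.
 *  - The CRC32 check value is a checksum over values the client mostly knows;
 *    it is not a keyed MAC and must not be treated as authentication.
 */
class cls_session
{
	/** @var object|null Database wrapper; this class calls query() and getRow() on it. */
	public $db = null;
	/** @var string Name of the table that stores one row per session. */
	public $session_table = '';
	/** @var string Second table name passed to the constructor; only stored by the code shown here. */
	public $session_data_table = '';
	/** @var int Maximum age in seconds (compared against the row's expiry column). */
	public $max_life_time = 1800;
	/** @var string Cookie name. */
	public $session_name = '';
	/** @var string Current 32-character session id, or '' when none is set. */
	public $session_id = '';
	/** @var int|string Expiry value loaded from the session row. */
	public $session_expiry = '';
	/** @var string MD5 of the serialized payload as loaded. */
	public $session_md5 = '';
	public $session_cookie_path = '/';
	public $session_cookie_domain = '';
	public $session_cookie_secure = false;

	/** @var string Client address as returned by real_ip(). */
	public $_ip = '';
	/** @var int Request timestamp taken in the constructor. */
	public $_time = 0;

	/**
	 * @param object $db                 Database wrapper (by reference, as callers already pass it).
	 * @param string $session_table      Session table name.
	 * @param string $session_data_table Second table name (stored only).
	 * @param string $session_name       Cookie name.
	 * @param string $session_id         Optional id + check value to use instead of the cookie.
	 */
	public function __construct(&$db, $session_table, $session_data_table, $session_name = 'ECS_ID', $session_id = '')
	{
		$this->cls_session($db, $session_table, $session_data_table, $session_name, $session_id);
	}

	/**
	 * Legacy-named initialiser kept for callers that invoke it directly.
	 *
	 * Resolves the session id from the argument or the cookie, verifies it,
	 * then either loads the stored session or creates a new one and sends
	 * the cookie.
	 */
	public function cls_session(&$db, $session_table, $session_data_table, $session_name = 'ECS_ID', $session_id = '')
	{
		$GLOBALS['_SESSION'] = array();

		$this->session_cookie_path   = !empty($GLOBALS['cookie_path']) ? $GLOBALS['cookie_path'] : '/';
		$this->session_cookie_domain = !empty($GLOBALS['cookie_domain']) ? $GLOBALS['cookie_domain'] : '';
		$this->session_cookie_secure = !empty($GLOBALS['cookie_secure']) ? $GLOBALS['cookie_secure'] : false;

		$this->session_name       = $session_name;
		$this->session_table      = $session_table;
		$this->session_data_table = $session_data_table;

		$this->db  = &$db;
		// real_ip() is defined elsewhere; presumably it derives the address
		// from request data, so the value is validated again before SQL use.
		$this->_ip = real_ip();

		$token = $session_id;
		if ($session_id == '' && !empty($_COOKIE[$this->session_name])) {
			$token = $_COOKIE[$this->session_name];
		}
		// Yields '' for anything that is not "<32 hex chars><matching check value>".
		$this->session_id = $this->verify_session_token($token);

		$this->_time = time();

		if ($this->session_id !== '') {
			$this->load_session();
		} else {
			$this->gen_session_id();
			// NOTE(review): the cookie is issued without the HttpOnly flag, so
			// page scripts can read the session token. Enable it once it is
			// confirmed that no client-side code depends on reading this cookie.
			setcookie(
				$this->session_name,
				$this->session_id . $this->gen_session_key($this->session_id),
				0,
				$this->session_cookie_path,
				$this->session_cookie_domain,
				$this->session_cookie_secure
			);
		}

		// close_session() is not defined in this class as shown; registering a
		// missing method is an invalid callback, so register only when present.
		if (is_callable(array($this, 'close_session'))) {
			register_shutdown_function(array($this, 'close_session'));
		}
	}

	/**
	 * Computes the 8-character check value appended to the session id.
	 *
	 * Input is the User-Agent header (when non-empty), ROOT_PATH, the client
	 * address up to its last dot, and the session id; output is the CRC32 of
	 * that string as zero-padded hex. This binds a cookie loosely to a client,
	 * but CRC32 is unkeyed and offers no forgery resistance.
	 *
	 * @param string $session_id
	 * @return string
	 */
	public function gen_session_key($session_id)
	{
		$last_dot  = strrpos($this->_ip, '.');
		$ip_prefix = ($last_dot === false) ? '' : substr($this->_ip, 0, $last_dot);
		$agent     = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

		return sprintf('%08x', crc32($agent . ROOT_PATH . $ip_prefix . $session_id));
	}

	/**
	 * Creates a fresh session id and stores an empty session row for it.
	 *
	 * @return mixed Result of the database insert.
	 */
	public function gen_session_id()
	{
		$this->session_id = $this->random_session_id();
		return $this->insert_session();
	}

	/**
	 * @return string Current session id ('' when none).
	 */
	public function get_session_id()
	{
		return $this->session_id;
	}

	/**
	 * Inserts an empty session row for the current id.
	 *
	 * @return mixed Result of $db->query(), or false when the current id is
	 *               not a well-formed session id (no query is sent).
	 */
	public function insert_session()
	{
		if (!$this->is_valid_session_id($this->session_id)) {
			return false;
		}

		// Values are concatenated into SQL text, so each one is constrained
		// first: the id by format, the time as an integer, the address as a
		// syntactically valid IP (anything else is stored as 0.0.0.0).
		$ip  = (filter_var($this->_ip, FILTER_VALIDATE_IP) !== false) ? $this->_ip : '0.0.0.0';
		$sql = 'insert into ' . $this->session_table
			. "(sesskey,expiry,ip,data) values('" . $this->session_id
			. "','" . (int) $this->_time
			. "','" . $ip
			. "','a:0:{}')";

		return $this->db->query($sql);
	}

	/**
	 * Loads the stored session for the current id into $GLOBALS['_SESSION'].
	 *
	 * A missing row is re-created empty. An expired or empty row, or a
	 * malformed id, leaves the session empty so no earlier state survives.
	 *
	 * @return void
	 */
	public function load_session()
	{
		if (!$this->is_valid_session_id($this->session_id)) {
			$this->reset_session_state();
			return;
		}

		$session = $this->db->getRow(
			'SELECT userid,adminid,user_name,user_rank,discount,email,data,expiry'
			. ' FROM ' . $this->session_table
			. " WHERE sesskey = '" . $this->session_id . "'"
		);

		if (empty($session)) {
			$this->insert_session();
			$this->reset_session_state();
			return;
		}

		$is_live = !empty($session['data'])
			&& $this->_time - $session['expiry'] <= $this->max_life_time;
		if (!$is_live) {
			// The original left this branch empty; clear explicitly so an
			// expired row can never leave data in $_SESSION.
			$this->reset_session_state();
			return;
		}

		$this->session_expiry = $session['expiry'];
		$this->session_md5    = md5($session['data']);

		// NOTE(review): unserialize() can instantiate objects. The payload
		// comes from the session table, so anything able to write that column
		// controls this input. If sessions never hold objects, restrict it
		// with the allowed_classes option or move to JSON.
		$payload = unserialize($session['data']);
		$GLOBALS['_SESSION'] = is_array($payload) ? $payload : array();

		// Identity fields come from dedicated columns and override the payload.
		$GLOBALS['_SESSION']['user_id']   = $session['userid'];
		$GLOBALS['_SESSION']['admin_id']  = $session['adminid'];
		$GLOBALS['_SESSION']['user_name'] = $session['user_name'];
		$GLOBALS['_SESSION']['user_rank'] = $session['user_rank'];
		$GLOBALS['_SESSION']['discount']  = $session['discount'];
		$GLOBALS['_SESSION']['email']     = $session['email'];
	}

	/** True only for exactly 32 lowercase hex characters (the shape md5()/bin2hex() produce). */
	private function is_valid_session_id($session_id)
	{
		return is_string($session_id) && preg_match('/^[0-9a-f]{32}$/D', $session_id) === 1;
	}

	/** Splits "<id><check value>" and returns the id when both parts verify, else ''. */
	private function verify_session_token($token)
	{
		// A cookie sent as an array (name[]=...) must not reach substr().
		if (!is_string($token) || $token === '') {
			return '';
		}

		$id  = substr($token, 0, 32);
		$key = substr($token, 32);

		// Strict comparison: with ==, two different numeric-looking strings
		// such as '0e123456' and '0e654321' would compare as equal.
		if ($this->is_valid_session_id($id) && $this->gen_session_key($id) === $key) {
			return $id;
		}
		return '';
	}

	/** Returns a new 32-hex-character id, from the CSPRNG when the runtime provides one. */
	private function random_session_id()
	{
		if (function_exists('random_bytes')) {
			try {
				return bin2hex(random_bytes(16));
			} catch (Exception $e) {
				// No entropy source available: fall back to the legacy generator below.
			}
		}
		// Legacy generator; predictable inputs, kept only for old runtimes.
		return md5(uniqid(mt_rand(), true));
	}

	/** Puts the object and $_SESSION into the "empty session" state. */
	private function reset_session_state()
	{
		$this->session_expiry = 0;
		// Presumably md5('a:0:{}'), the digest of an empty serialized array — confirm.
		$this->session_md5    = '40cd750bba9870f18aada2478b24840a';
		$GLOBALS['_SESSION']  = array();
	}
}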